Platform: wordpress
Component: slider-revolution
Fixed in: 6.7.37
CVE-2025-9217 is an arbitrary file read (path traversal) vulnerability in the Slider Revolution plugin for WordPress. Authenticated attackers with Contributor-level access or higher can read arbitrary files on the server, exposing sensitive information. Versions 0.0.0 through 6.7.36 are affected; the fix is available in version 6.7.37.
An attacker exploiting CVE-2025-9217 supplies path traversal sequences in the 'usedsvg' and 'usedimages' parameters to read files outside the directory the plugin intends to serve from. Any file readable by the PHP worker process is in scope: wp-config.php with its database credentials and authentication salts, plugin and theme source code, and configuration files of other applications co-hosted on the same server. The Contributor requirement rules out unauthenticated mass exploitation, but Contributor is the lowest role that can submit content, is commonly handed to guest authors, and on some sites is the default role for self-registered users, so a single compromised or self-registered low-privilege account is enough to trigger the bug.
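The following Python is an added example, not code from the advisory or from the Slider Revolution project. It scans combined-format access-log lines for traversal payloads in the two parameters named above, decoding repeatedly so that double-encoded sequences are caught. The admin-ajax.php path and the action name in the constructed sample lines are assumptions; the advisory names only the parameters, so the detector keys on those rather than on an endpoint. The same decoded-traversal check is what a blocking rule in a WAF should implement.

```python
"""Flag access-log lines carrying traversal payloads in the 'usedsvg' and
'usedimages' parameters named for CVE-2025-9217.

Added example; not code from the advisory or from the Slider Revolution plugin.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameters named in the advisory. The detector keys on these, not on an
# endpoint, because the advisory does not give the request path.
SUSPECT_PARAMS = {"usedsvg", "usedimages"}

# ".." as a whole path segment (slash or backslash separated), after decoding.
TRAVERSAL_RE = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")
# Well-known targets that are interesting even without a traversal prefix.
SENSITIVE_RE = re.compile(r"wp-config\.php|/etc/passwd|\.env$", re.IGNORECASE)

# The quoted request line of combined log format: "GET /path?q HTTP/1.1"
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def full_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable so %252e%252e%252f becomes ../ (double encoding)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_values(target: str) -> dict:
    """Return {param: decoded value} for suspect params that carry traversal."""
    hits = {}
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name.lower() not in SUSPECT_PARAMS:
            continue
        value = full_decode(raw)  # parse_qsl already did one decoding round
        if TRAVERSAL_RE.search(value) or SENSITIVE_RE.search(value):
            hits[name.lower()] = value
    return hits


def scan_log(lines) -> list:
    """Return (line_no, client_ip, param, decoded_value) for each flagged request."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        m = REQ_RE.search(line)
        if not m:
            continue
        client_ip = line.split(" ", 1)[0]
        for param, value in suspicious_values(m.group("target")).items():
            findings.append((line_no, client_ip, param, value))
    return findings


# Constructed sample lines (not real traffic). Path and action name are assumed.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Aug/2025:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_ajax_action&usedimages=slide1.jpg HTTP/1.1" 200 512',
    '203.0.113.7 - - [29/Aug/2025:10:01:09 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_ajax_action&usedsvg=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 2048',
    '198.51.100.4 - - [29/Aug/2025:10:02:41 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_ajax_action&usedimages=%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 200 2048',
    '198.51.100.4 - - [29/Aug/2025:10:03:00 +0000] "GET /index.php?p=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 169',
]

if __name__ == "__main__":
    for line_no, ip, param, value in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {ip} sent {param}={value!r}")
```

Access logs capture only the query string. If the parameters travel in a POST body, this signature has to run in the WAF or in PHP-level request logging instead, and the fourth sample line shows the deliberate narrowness of the rule: traversal in an unrelated parameter is not attributed to this CVE.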
CVE-2025-9217 was publicly disclosed on 2025-08-29. As of this date there are no known public exploits or active campaigns targeting it, and it is not listed in the CISA KEV catalog. The EPSS score of 0.06% (19th percentile) reflects a low estimated probability of exploitation in the wild over the next 30 days; note that CVSS measures severity, not likelihood, so the Medium CVSS rating says nothing about how likely attacks are. Given how widely the plugin is deployed on publicly reachable sites, that estimate should be expected to rise once a public proof of concept appears.
Exploit Status
EPSS: 0.06% (19th percentile)
CISA SSVC: (not provided)
CVSS Vector: (not provided)
The primary mitigation for CVE-2025-9217 is to upgrade the Slider Revolution plugin to version 6.7.37 or later without delay. If the upgrade must wait for compatibility testing, reduce what a successful read can reach: run PHP under a dedicated unprivileged user and keep secrets belonging to other applications on the host out of paths that user can read. File permissions cannot stop the plugin from reading files WordPress itself needs, such as wp-config.php, but they do bound what else is exposed. A Web Application Firewall rule that blocks traversal sequences, including URL-encoded and double-encoded forms, in the 'usedsvg' and 'usedimages' parameters lowers exposure but is not a substitute for the patch. Review all accounts at Contributor level and above, since each one can trigger this bug, and remove or downgrade any that no longer need that role.
Update the Slider Revolution plugin to version 6.7.37 or higher to mitigate the Path Traversal vulnerability. Ensure your WordPress installation is up to date and that security best practices are applied, such as using strong passwords and limiting user privileges.
CVE-2025-9217 is a vulnerability in the Slider Revolution WordPress plugin allowing authenticated users to read arbitrary files on the server. It affects versions 0.0.0–6.7.36 and has a Medium severity rating.
You are affected if your WordPress site uses the Slider Revolution plugin at version 6.7.36 or earlier. Check the installed version on the Plugins page in wp-admin or with WP-CLI (wp plugin get revslider --field=version, the plugin's directory normally being revslider) and upgrade immediately if it is below 6.7.37.
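The version check as an added Python example, not the plugin's or the advisory's code: it reads the Version: header that every WordPress plugin carries in its main file and compares numerically against 6.7.37, the first fixed release. The path wp-content/plugins/revslider/revslider.php is the usual location but is an assumption here, and the sample header is constructed.

```python
"""Decide whether an installed Slider Revolution copy falls in the affected
range for CVE-2025-9217 (0.0.0 through 6.7.36; fixed in 6.7.37) by reading
the version from the plugin's WordPress header.

Added example; not code from the advisory or from the plugin.
"""
import re
from pathlib import Path

FIXED_VERSION = "6.7.37"
# Usual location of the main plugin file; the directory name is an assumption.
DEFAULT_PLUGIN_FILE = "wp-content/plugins/revslider/revslider.php"

# WordPress plugin headers are "Key: value" lines in the file's first comment.
HEADER_VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.MULTILINE)


def parse_version(version: str) -> tuple:
    """'6.7.36' -> (6, 7, 36). Suffixes such as '-rc1' are ignored; missing
    components are padded with 0 so '6.7' compares as (6, 7, 0)."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is below the first fixed release.
    Numeric comparison matters: as strings, '6.7.9' > '6.7.37' and would be
    wrongly reported as patched."""
    return parse_version(installed) < parse_version(fixed)


def version_from_header(header_text: str):
    """Extract the Version: header value, or None if absent."""
    m = HEADER_VERSION_RE.search(header_text)
    return m.group(1) if m else None


def check_plugin_file(path=DEFAULT_PLUGIN_FILE):
    """Return (version, affected) for the plugin file at path, or (None, None)
    if the file does not exist (plugin not installed) or has no Version header."""
    p = Path(path)
    if not p.is_file():
        return None, None
    version = version_from_header(p.read_text(errors="replace"))
    if version is None:
        return None, None
    return version, is_affected(version)


# Constructed sample header; not taken from the real plugin file.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Slider Revolution
 * Version: 6.7.36
 */
"""

if __name__ == "__main__":
    v = version_from_header(SAMPLE_HEADER)
    print(f"sample header: {v} -> {'AFFECTED' if is_affected(v) else 'patched'}")
    print("installed:", check_plugin_file())
```

Run it from the site's document root, or point check_plugin_file at each site's plugin file when auditing many installs. The numeric comparison is the point: a naive string comparison ranks 6.7.9 above 6.7.37 and reports a vulnerable site as patched.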
Upgrade the Slider Revolution plugin to version 6.7.37 or later to resolve the vulnerability. If upgrading is not possible, consider implementing WAF rules and restricting file access permissions.
As of 2025-08-29, there are no confirmed reports of active exploitation, but the vulnerability is publicly known and could be targeted.
Refer to the official Slider Revolution website and WordPress plugin repository for the latest security advisory and update information.